PT-2024-34595 · Unknown · Projects World Travel Management System
Anirudh Krishnaprasad
·
Published
2024-11-04
·
Updated
2024-11-06
·
CVE-2024-51326
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
projectworlds Travel management System version 1.0
Description
A SQL Injection issue allows a remote attacker to execute arbitrary code via the
t2 parameter in "deletesubcategory.php". This enables the attacker to potentially access and manipulate sensitive data.Recommendations
For projectworlds Travel management System version 1.0, consider restricting access to the "deletesubcategory.php" file until a patch is available. As a temporary workaround, avoid using the
t2 parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Projects World Travel Management System